IoT threats mount, while smart thermostats invade the home

Smart thermostats explode onto the scene and ‘Devil’s Ivy’ issue leaves IoT products at risk as we connect more and more devices.

It has been one of the busiest weeks in some time for internet of things (IoT) developments.

For example, today (21 June), almost one year after being bought by Intel, Movidius has revealed a tiny $79 USB tool that brings advanced AI to ordinary hardware devices.

With the new Movidius Neural Compute Stick, developers can perform such actions as train artificial neural networks on the Intel Nervana cloud, and optimise existing workloads for AI as well as virtual and augmented reality, and even automated driving.

The stick also makes it possible to bring the same Movidius vision processing – seen on devices such as the DJI Spark drone – to devices on the edge.

Elsewhere, Apple has taken the unprecedented step of opening up about its research in the area of machine learning.

Well, opening up is a bit of a stretch, but the company doesn’t normally do this kind of thing either. The Machine Learning Journal is a blog focused on machine learning papers and sharing Apple’s findings.

Modius is a weight-loss device that combines neuroscience and technology to solve health issues.

Lastly, Cubic Telecom – which counts Audi and Qualcomm as investors, and Microsoft and Volkswagen as customers – is about to close a $40m round, and is also understood to be capturing a further $40m in investment.

But what else did you miss this week?

Devil’s Ivy

The wonderfully named code flaw Devil’s Ivy, found in the gSOAP library, has spooked people in the IoT industry.

Senrio found the problem while looking into the remote configuration services of the M3004 dome camera from Axis Communications. The bug occurs when sending a large XML file to a vulnerable system’s web server.

There are thousands of these devices currently exposed to the internet, according to Senrio, featuring across enterprise firms in areas such as healthcare, government and transport.

“Software or device manufacturers who rely on gSOAP to support their services are affected by Devil’s Ivy, though the extent to which such devices may be exploited cannot be determined at this time,” said the company.

“Based on our research, servers are more likely to be exploited. But clients can be vulnerable as well, if they receive a SOAP message from a malicious server.

“We named the vulnerability Devil’s Ivy because, like the plant, it is nearly impossible to kill and spreads quickly through code reuse.

“Its source in a third-party toolkit downloaded millions of times means that it has spread to thousands of devices and will be difficult to entirely eliminate.”

Smart thermostats, smart thermostats everywhere!

Don’t get up to turn on the heating, you’re above that. Getting up is menial, walking is for losers. That’s why smart thermostats have caught on, perhaps.

The number of North American and European homes with a smart thermostat grew by 67pc to 10.1m in 2016, with European growth actually at 77pc, though it’s coming from a smaller base (2.3m today).

Berg Insight predicts that this number will multiply significantly in the coming four years, reaching 78.1m by 2021.

North America will remain the largest market at the end of the forecast period, with 43.4m homes that have smart thermostats, whereas the installed base in Europe is expected to reach 34.7m, according to the company.

“Smart thermostats is a particularly attractive opportunity in the smart home market, as these systems are of great interest for consumers, energy companies and HVAC service providers,” said Berg’s Anders Frick.

The appeal for consumers isn’t just ease of use. It’s also the ability to control heating costs far better, potentially making savings to what, for many, is a significant ongoing bill.

“Adding intelligence to residential heating and cooling systems furthermore opens up new opportunities for HVAC service providers. Predictive maintenance and remote diagnostics can allow repair and maintenance activities to be streamlined and done more efficiently,” he said.

Swimming with the fishes

In one of the quirkier hacking attempts in recent years, security firm Darktrace this week revealed a scenario where a fish tank played a prominent role.

At an unnamed casino, a fish tank was connected to the internet to automatically feed the fish and keep their environment comfortable.

Despite extra security precautions set up on the tank, hackers still managed to compromise it, sending data to a device in Finland before the threat was discovered and stopped.

“Someone used the fish tank to get into the network, and once they were in the fish tank, they scanned and found other vulnerabilities and moved laterally to other places in the network,” Justin Feir, director for cyber intelligence and analysis at Darktrace, explained to CNN.

“In the current cyber climate with political and corporate espionage, I think you’re going to start to see attackers, whether nation state or criminal, having to get more creative in their attack vectors,” Feir said.

Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.